public inbox for gcc-bugs@sourceware.org
* [Bug c/34285]  New: buffer overflow incorrectly detected
@ 2007-11-29 10:36 marcus at jet dot franken dot de
  2007-11-29 10:37 ` [Bug c/34285] " marcus at jet dot franken dot de
                   ` (7 more replies)
  0 siblings, 8 replies; 10+ messages in thread
From: marcus at jet dot franken dot de @ 2007-11-29 10:36 UTC (permalink / raw)
  To: gcc-bugs

A construct with char arrays within a struct incorrectly triggers
a buffer overflow warning.

Testcase attached.


-- 
           Summary: buffer overflow incorrectly detected
           Product: gcc
           Version: 4.3.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: c
        AssignedTo: unassigned at gcc dot gnu dot org
        ReportedBy: marcus at jet dot franken dot de
 GCC build triplet: ppc-linux-gnu
  GCC host triplet: ppc-linux-gnu
GCC target triplet: ppc-linux-gnu


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=34285



* [Bug c/34285] buffer overflow incorrectly detected
  2007-11-29 10:36 [Bug c/34285] New: buffer overflow incorrectly detected marcus at jet dot franken dot de
@ 2007-11-29 10:37 ` marcus at jet dot franken dot de
  2007-11-29 10:43 ` [Bug middle-end/34285] [4.3 Regression] " pinskia at gcc dot gnu dot org
                   ` (6 subsequent siblings)
  7 siblings, 0 replies; 10+ messages in thread
From: marcus at jet dot franken dot de @ 2007-11-29 10:37 UTC (permalink / raw)
  To: gcc-bugs



------- Comment #1 from marcus at jet dot franken dot de  2007-11-29 10:37 -------
Created an attachment (id=14664)
 --> (http://gcc.gnu.org/bugzilla/attachment.cgi?id=14664&action=view)
xx.i

gcc -O2 -Wall -c xx.i


-- 


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=34285



* [Bug middle-end/34285] [4.3 Regression] buffer overflow incorrectly detected
  2007-11-29 10:36 [Bug c/34285] New: buffer overflow incorrectly detected marcus at jet dot franken dot de
  2007-11-29 10:37 ` [Bug c/34285] " marcus at jet dot franken dot de
@ 2007-11-29 10:43 ` pinskia at gcc dot gnu dot org
  2007-11-29 10:47 ` mueller at gcc dot gnu dot org
                   ` (5 subsequent siblings)
  7 siblings, 0 replies; 10+ messages in thread
From: pinskia at gcc dot gnu dot org @ 2007-11-29 10:43 UTC (permalink / raw)
  To: gcc-bugs



------- Comment #2 from pinskia at gcc dot gnu dot org  2007-11-29 10:42 -------
__builtin___strncpy_chk (&foo.a[0], line, 19, 10)


The issue comes down to folding of (char*)&foo into &foo.a[0]; we should not be
doing that folding.


-- 

pinskia at gcc dot gnu dot org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |hubicka at gcc dot gnu dot
                   |                            |org
          Component|c                           |middle-end
  GCC build triplet|ppc-linux-gnu               |
   GCC host triplet|ppc-linux-gnu               |
 GCC target triplet|ppc-linux-gnu               |
           Keywords|                            |diagnostic
            Summary|buffer overflow incorrectly |[4.3 Regression] buffer
                   |detected                    |overflow incorrectly
                   |                            |detected
   Target Milestone|---                         |4.3.0


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=34285



* [Bug middle-end/34285] [4.3 Regression] buffer overflow incorrectly detected
  2007-11-29 10:36 [Bug c/34285] New: buffer overflow incorrectly detected marcus at jet dot franken dot de
  2007-11-29 10:37 ` [Bug c/34285] " marcus at jet dot franken dot de
  2007-11-29 10:43 ` [Bug middle-end/34285] [4.3 Regression] " pinskia at gcc dot gnu dot org
@ 2007-11-29 10:47 ` mueller at gcc dot gnu dot org
  2007-11-29 11:14 ` pinskia at gcc dot gnu dot org
                   ` (4 subsequent siblings)
  7 siblings, 0 replies; 10+ messages in thread
From: mueller at gcc dot gnu dot org @ 2007-11-29 10:47 UTC (permalink / raw)
  To: gcc-bugs



------- Comment #3 from mueller at gcc dot gnu dot org  2007-11-29 10:47 -------
fortify_source=2 is supposed to reject it (only sizeof the struct member, not
the whole struct, is allowed).

Use fortify_source=1 or fix your broken code.


-- 

mueller at gcc dot gnu dot org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |mueller at gcc dot gnu dot
                   |                            |org
             Status|UNCONFIRMED                 |RESOLVED
         Resolution|                            |INVALID


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=34285



* [Bug middle-end/34285] [4.3 Regression] buffer overflow incorrectly detected
  2007-11-29 10:36 [Bug c/34285] New: buffer overflow incorrectly detected marcus at jet dot franken dot de
                   ` (2 preceding siblings ...)
  2007-11-29 10:47 ` mueller at gcc dot gnu dot org
@ 2007-11-29 11:14 ` pinskia at gcc dot gnu dot org
  2007-11-29 11:25 ` jakub at gcc dot gnu dot org
                   ` (3 subsequent siblings)
  7 siblings, 0 replies; 10+ messages in thread
From: pinskia at gcc dot gnu dot org @ 2007-11-29 11:14 UTC (permalink / raw)
  To: gcc-bugs



------- Comment #4 from pinskia at gcc dot gnu dot org  2007-11-29 11:14 -------
(In reply to comment #3)
> use fortify_source=1 or fix your broken code. 

The code is not broken, as the person is accessing the array via char and
not via a different type.


-- 

pinskia at gcc dot gnu dot org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |UNCONFIRMED
         Resolution|INVALID                     |


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=34285



* [Bug middle-end/34285] [4.3 Regression] buffer overflow incorrectly detected
  2007-11-29 10:36 [Bug c/34285] New: buffer overflow incorrectly detected marcus at jet dot franken dot de
                   ` (3 preceding siblings ...)
  2007-11-29 11:14 ` pinskia at gcc dot gnu dot org
@ 2007-11-29 11:25 ` jakub at gcc dot gnu dot org
  2007-11-29 11:29 ` pinskia at gcc dot gnu dot org
                   ` (2 subsequent siblings)
  7 siblings, 0 replies; 10+ messages in thread
From: jakub at gcc dot gnu dot org @ 2007-11-29 11:25 UTC (permalink / raw)
  To: gcc-bugs



------- Comment #5 from jakub at gcc dot gnu dot org  2007-11-29 11:25 -------
It is invalid for -D_FORTIFY_SOURCE=2.
-D_FORTIFY_SOURCE=1 allows all standard conforming code, -D_FORTIFY_SOURCE=2
imposes further restrictions (one is e.g. that %n for *printf arguments must be
only used in strings which can't be written into, one is that the str*/stp*
family of functions not only can't overflow into some other object, but can't
overflow from one struct field into another, etc.).

So, either rewrite the code using mem* functions (which even with
-D_FORTIFY_SOURCE=2 can cross field boundaries), or rewrite it to initialize
the fields individually, not in one call, or use -D_FORTIFY_SOURCE=1 instead of
-D_FORTIFY_SOURCE=2.


-- 

jakub at gcc dot gnu dot org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |RESOLVED
         Resolution|                            |INVALID


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=34285


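The two FORTIFY levels Jakub distinguishes in comment #5, and the folding of (char*)&foo into &foo.a[0] that Andrew describes in comment #2, as an added example that is not part of the bug report, of the attached xx.i, or of GCC or glibc. The struct layout is an assumption chosen to reproduce the numbers in the quoted __builtin___strncpy_chk call (19 bytes copied, a 10-byte first field); the sample input lines and every function name are likewise made up here. The check itself is modelled at run time with sizeof so the result does not depend on whether the host compiler folds __builtin_object_size at the chosen optimization level; main() additionally prints what the compiler really computes for a global.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Layout is an assumption: the reporter's xx.i is not on the page. Two
 * adjacent char arrays, 19 bytes in total and no padding, reproduce the
 * checked call quoted in comment #2: 19 bytes are copied, but the field
 * foo.a that (char *)&foo was folded into is only 10 bytes. */
struct foo {
    char a[10];
    char b[9];
};

/* glibc's __strncpy_chk minus the abort: copy only if the destination size
 * the compiler supplied admits n bytes. 0 on success, -1 where FORTIFY
 * would have called __chk_fail(). */
static int checked_strncpy(char *dst, const char *src, size_t n, size_t dst_size)
{
    if (n > dst_size)
        return -1;
    strncpy(dst, src, n);
    return 0;
}

/* The reporter's pattern: one strncpy over the whole struct via (char *)&foo.
 * The levels differ only in the size the compiler hands to the check:
 *   level 1: __builtin_object_size(p, 0), bytes left in the whole object (19)
 *   level 2: __builtin_object_size(p, 1), bytes left in the enclosing
 *            subobject, which after the folding in comment #2 is foo.a (10) */
static int fill_via_whole_struct(struct foo *f, const char *line, int fortify_level)
{
    size_t size_seen_by_check = (fortify_level >= 2) ? sizeof f->a : sizeof *f;
    return checked_strncpy((char *)f, line, sizeof *f, size_seen_by_check);
}

/* strnlen without relying on a POSIX extension. */
static size_t bounded_len(const char *s, size_t max)
{
    size_t n = 0;
    while (n < max && s[n] != '\0')
        n++;
    return n;
}

/* Rewrite 1 from comment #5: mem* calls are checked against the whole object
 * (type 0) even at level 2, so a bounded memcpy may span fields. The memset
 * reproduces strncpy's NUL padding so the resulting bytes are identical. */
static int fill_with_memcpy(struct foo *f, const char *line)
{
    size_t len = bounded_len(line, sizeof *f);
    memcpy(f, line, len);
    memset((char *)f + len, 0, sizeof *f - len);
    return 0;
}

/* Rewrite 2 from comment #5: one strncpy per field, each bounded by its own
 * field size, which is exactly what level 2 checks. The second source offset
 * must be clamped: for a line shorter than foo.a, line + 10 would point past
 * the terminator and strncpy would read whatever follows it. */
static int fill_per_field(struct foo *f, const char *line)
{
    size_t len = strlen(line);
    const char *rest = (len > sizeof f->a) ? line + sizeof f->a : "";
    strncpy(f->a, line, sizeof f->a);
    strncpy(f->b, rest, sizeof f->b);
    return 0;
}

/* 1 if a level-N check lets the whole-struct copy through, 0 if it trips. */
static int level_accepts_whole_struct_copy(int fortify_level)
{
    struct foo f;
    return fill_via_whole_struct(&f, "0123456789ABCDEFGHIJ", fortify_level) == 0;
}

/* 1 if both rewrites yield byte-for-byte what the original whole-struct
 * strncpy produces under the permissive level-1 check, 0 otherwise. */
static int rewrites_match_original(const char *line)
{
    struct foo orig, m, p;
    if (fill_via_whole_struct(&orig, line, 1) != 0)
        return 0;
    if (fill_with_memcpy(&m, line) != 0 || fill_per_field(&p, line) != 0)
        return 0;
    return memcmp(&orig, &m, sizeof orig) == 0 && memcmp(&orig, &p, sizeof orig) == 0;
}

static struct foo g;   /* a global, so the compiler knows its exact size */

int main(void)
{
    /* Constructed inputs: one line longer than the struct, one shorter. */
    printf("level 1 %s the whole-struct strncpy\n",
           level_accepts_whole_struct_copy(1) ? "accepts" : "rejects");
    printf("level 2 %s the whole-struct strncpy\n",
           level_accepts_whole_struct_copy(2) ? "accepts" : "rejects");
    printf("long line: rewrites %s the original bytes\n",
           rewrites_match_original("0123456789ABCDEFGHIJ") ? "match" : "differ from");
    printf("short line: rewrites %s the original bytes\n",
           rewrites_match_original("abc") ? "match" : "differ from");
#if defined(__GNUC__)
    /* What the compiler itself would feed to the check for the global g.
     * (size_t)-1 means "unknown", in which case the check is skipped. */
    printf("__builtin_object_size(&g.a[0], 0)    = %zu\n", (size_t)__builtin_object_size(&g.a[0], 0));
    printf("__builtin_object_size(&g.a[0], 1)    = %zu\n", (size_t)__builtin_object_size(&g.a[0], 1));
    printf("__builtin_object_size((char *)&g, 1) = %zu\n", (size_t)__builtin_object_size((char *)&g, 1));
#endif
    return 0;
}
```

Build with gcc -O2 and run it. The last three lines of output show what a real -D_FORTIFY_SOURCE build would pass to the check for g: the type-0 query is what level 1 uses, the type-1 query on &g.a[0] is the 10 that tripped the reporter's build, and the type-1 query on (char *)&g is where the folding from comment #2 mattered. The memcpy rewrite keeps the copy as one whole-object write, which glibc checks with a type-0 query even at level 2; the per-field rewrite is the one that looks trivial but is not, because the second strncpy needs its source offset clamped for short lines.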

* [Bug middle-end/34285] [4.3 Regression] buffer overflow incorrectly detected
  2007-11-29 10:36 [Bug c/34285] New: buffer overflow incorrectly detected marcus at jet dot franken dot de
                   ` (4 preceding siblings ...)
  2007-11-29 11:25 ` jakub at gcc dot gnu dot org
@ 2007-11-29 11:29 ` pinskia at gcc dot gnu dot org
  2007-11-29 11:47 ` mueller at gcc dot gnu dot org
  2007-11-29 19:28 ` [Bug middle-end/34285] " pinskia at gcc dot gnu dot org
  7 siblings, 0 replies; 10+ messages in thread
From: pinskia at gcc dot gnu dot org @ 2007-11-29 11:29 UTC (permalink / raw)
  To: gcc-bugs



------- Comment #6 from pinskia at gcc dot gnu dot org  2007-11-29 11:29 -------
(In reply to comment #5)
> family of functions not only can't overflow into some other object, but can't
> overflow from one struct field into another

HUH???? There is no overflow from one struct field to another here.  The
assignment is for the full struct.


-- 

pinskia at gcc dot gnu dot org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |UNCONFIRMED
         Resolution|INVALID                     |


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=34285



* [Bug middle-end/34285] [4.3 Regression] buffer overflow incorrectly detected
  2007-11-29 10:36 [Bug c/34285] New: buffer overflow incorrectly detected marcus at jet dot franken dot de
                   ` (5 preceding siblings ...)
  2007-11-29 11:29 ` pinskia at gcc dot gnu dot org
@ 2007-11-29 11:47 ` mueller at gcc dot gnu dot org
  2007-11-29 19:28 ` [Bug middle-end/34285] " pinskia at gcc dot gnu dot org
  7 siblings, 0 replies; 10+ messages in thread
From: mueller at gcc dot gnu dot org @ 2007-11-29 11:47 UTC (permalink / raw)
  To: gcc-bugs



------- Comment #7 from mueller at gcc dot gnu dot org  2007-11-29 11:47 -------
Andrew, read the comments or stop reopening. The behaviour is documented that
way even.


-- 

mueller at gcc dot gnu dot org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |RESOLVED
         Resolution|                            |INVALID


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=34285



* [Bug middle-end/34285] buffer overflow incorrectly detected
  2007-11-29 10:36 [Bug c/34285] New: buffer overflow incorrectly detected marcus at jet dot franken dot de
                   ` (6 preceding siblings ...)
  2007-11-29 11:47 ` mueller at gcc dot gnu dot org
@ 2007-11-29 19:28 ` pinskia at gcc dot gnu dot org
  7 siblings, 0 replies; 10+ messages in thread
From: pinskia at gcc dot gnu dot org @ 2007-11-29 19:28 UTC (permalink / raw)
  To: gcc-bugs



------- Comment #8 from pinskia at gcc dot gnu dot org  2007-11-29 19:27 -------
I still say GCC is incorrect here, even if I was drinking last night.  This
should work, as the whole struct is touched and the one field is not even
looked at.

Even if the documentation says that, it is still bad behavior.


-- 

pinskia at gcc dot gnu dot org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Severity|normal                      |enhancement
             Status|RESOLVED                    |UNCONFIRMED
         Resolution|INVALID                     |
            Summary|[4.3 Regression] buffer     |buffer overflow incorrectly
                   |overflow incorrectly        |detected
                   |detected                    |
   Target Milestone|4.3.0                       |---


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=34285



* [Bug middle-end/34285] buffer overflow incorrectly detected
       [not found] <bug-34285-4@http.gcc.gnu.org/bugzilla/>
@ 2012-02-02 18:27 ` pinskia at gcc dot gnu.org
  0 siblings, 0 replies; 10+ messages in thread
From: pinskia at gcc dot gnu.org @ 2012-02-02 18:27 UTC (permalink / raw)
  To: gcc-bugs

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=34285

Andrew Pinski <pinskia at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |RESOLVED
         Resolution|                            |FIXED

--- Comment #9 from Andrew Pinski <pinskia at gcc dot gnu.org> 2012-02-02 18:26:36 UTC ---
The warning has been "fixed" by the patch which changed PR 50460.


